This release features important security updates to Firefox.
This release updates Firefox to 45.3.0esr. Additionally, it bumps NoScript to 220.127.116.11, HTTPS-Everywhere to 5.2.1, disables asmjs, removes meek-google and contains a few other bug fixes.
Note: Due to bug 19410, on OSX the incremental update will not work for users who installed the previous version using the .dmg file. The internal updater should still work, though, by doing a complete update.
Update (August 11, 10:04 UTC): Starting a couple of hours ago, Tor Browser users might see a notification box in their browser claiming that Firefox is too old and providing a button to get a newer one. This is due both to a server-side code change on Mozilla's side and to an oversight by us during the ESR45 transition. Clicking on the "Get Firefox" button is safe and leads the user to our Tor Browser download page. Needless to say, this whole behavior is highly confusing and we apologize for it. We are working on a fix as quickly as possible and hope to get Mozilla to exempt Tor Browser users from this feature while we are working on a new release. For technical details see our bug tracker.
Here is the full changelog since 6.0.2:
- All Platforms
- Update Firefox to 45.3.0esr
- Update Torbutton to 18.104.22.168
- Update HTTPS-Everywhere to 5.2.1
- Update NoScript to 22.214.171.124
- Bug 19715: Disable the meek-google pluggable transport option
- Bug 19714: Remove mercurius4 obfs4 bridge
- Bug 19585: Fix regression test for keyboard layout fingerprinting
- Bug 19515: Tor Browser is crashing in graphics code
- Bug 18513: Favicon requests can bypass New Identity
- OS X
- Bug 19269: Icon doesn't appear in Applications folder or Dock
- Bug 19484: Avoid compilation error when MOZ_UPDATER is not defined
Tor 0.2.8.6 has been released! You can download the source from the Tor website. Packages should be available over the next week or so.
Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series.
The Tor 0.2.8 series improves client bootstrapping performance, completes the authority-side implementation of improved identity keys for relays, and includes numerous bugfixes and performance improvements throughout the program. This release continues to improve the coverage of Tor's test suite.
Below is a list of the changes since Tor 0.2.7. For a list of only the changes that are new since 0.2.8.5-rc, please see the ChangeLog file.
Changes in version 0.2.8.6 - 2016-08-02
- New system requirements:
- Tor no longer attempts to support platforms where the "time_t" type is unsigned. (To the best of our knowledge, only OpenVMS does this, and Tor has never actually built on OpenVMS.) Closes ticket 18184.
- Tor no longer supports versions of OpenSSL with a broken implementation of counter mode. (This bug was present in OpenSSL 1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no longer runs with, these versions.
- Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later (released in 2008 and 2009 respectively). If you are building Tor from the git repository instead of from the source distribution, and your tools are older than this, you will need to upgrade. Closes ticket 17732.
We, the Debian project and the Tor project, are enabling Tor onion services for several of our sites. These sites can now be reached without leaving the Tor network, providing a new option for securely connecting to resources provided by Debian and Tor.
The freedom to use open source software may be compromised when access to that software is monitored, logged, limited, prevented, or prohibited. As a community, we acknowledge that users should not feel that their every action is trackable or observable by others. Consequently, we are pleased to announce that we have started making several of the various web services provided by both Debian and Tor available via onion services.
While onion services can be used to conceal the network location of the machine providing the service, this is not the goal here. Instead, we employ onion services because they provide end-to-end integrity and confidentiality, and they authenticate the onion service endpoint.
For instance, when users connect to the onion service running at http://sejnfjrq6szgca7v.onion/ using a Tor-enabled browser such as Tor Browser, they can be certain that their connection to the Debian website cannot be read or modified by third parties, and that the website they are visiting is indeed the Debian website. In a sense, this is similar to what using HTTPS provides. However, crucially, onion services do not rely on third-party certificate authorities (CAs). Instead, the onion service name itself cryptographically authenticates the service's key.
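To make the last point concrete, here is an added example (not code from the Debian or Tor announcement) of the check a client performs: under the onion address scheme in use when this was written, the name is the first 80 bits of the SHA-1 hash of the service's DER-encoded RSA public key, base32-encoded, so a client can recompute it from the key the service presents and refuse a key that does not match. The key bytes below are constructed stand-ins, not real DER-encoded keys.

```python
import base64
import hashlib

ONION_SUFFIX = ".onion"
BASE32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def onion_address_from_key(der_public_key: bytes) -> str:
    """Derive the onion address committed to by a DER-encoded public key.

    Scheme: base32(SHA-1(key)[:10]) + ".onion" (80-bit truncated hash).
    """
    digest = hashlib.sha1(der_public_key).digest()
    truncated = digest[:10]  # first 80 bits of the 160-bit SHA-1 digest
    label = base64.b32encode(truncated).decode("ascii").lower()
    return label + ONION_SUFFIX  # 16 base32 characters + ".onion"


def is_well_formed_v2_address(address: str) -> bool:
    """Syntactic check: 16 base32 characters followed by '.onion'."""
    addr = address.strip().lower()
    if not addr.endswith(ONION_SUFFIX):
        return False
    label = addr[: -len(ONION_SUFFIX)]
    return len(label) == 16 and all(c in BASE32_ALPHABET for c in label)


def key_matches_address(der_public_key: bytes, address: str) -> bool:
    """True only if the presented key is the one the onion name commits to.

    This is the step that replaces a certificate authority: no third party
    vouches for the key; the name the user typed already pins it.
    """
    if not is_well_formed_v2_address(address):
        return False
    expected = onion_address_from_key(der_public_key)
    # Onion names are case-insensitive; normalise before comparing.
    return address.strip().lower() == expected


# Constructed stand-ins for two services' DER-encoded RSA public keys.
GENUINE_KEY = b"constructed-debian-onion-service-public-key-bytes"
IMPOSTER_KEY = b"constructed-some-other-public-key-bytes"

if __name__ == "__main__":
    address = onion_address_from_key(GENUINE_KEY)
    print("service address:      ", address)
    print("genuine key accepted: ", key_matches_address(GENUINE_KEY, address))
    print("imposter key accepted:", key_matches_address(IMPOSTER_KEY, address))
```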
In addition to the Tor and Debian websites, the Debian FTP and the Debian Security archives are available from .onion addresses, enabling Debian users to update their systems using only Tor connections. With the apt-transport-tor package installed, the following three lines can replace the normal Debian mirror entries in the apt configuration file:
deb tor+http://vwakviie2ienjx6t.onion/debian jessie main
deb tor+http://vwakviie2ienjx6t.onion/debian jessie-updates main
deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates main
Likewise, Tor's Debian package repository is available from an onion service:
deb tor+http://sdscoq7snqtznauu.onion/torproject.org jessie main
Lists of several other new onion services offered by Debian and Tor are available from https://onion.debian.org and https://onion.torproject.org respectively. We expect to expand these lists in the near future to cover even more of Debian's and Tor's services.
Seven weeks ago, I published a blog post saying that Jacob Appelbaum had left the Tor Project, and I invited people to contact me as the Tor Project began an investigation into allegations regarding his behavior.
Since then, a number of people have come forward with first-person accounts and other information. The Tor Project hired a professional investigator, and she interviewed many individuals to determine the facts concerning the allegations. The investigator worked closely with me and our attorneys, helping us to understand the overall factual picture as it emerged.
The information shared was sensitive, and in writing this post I am aiming to balance my desire for the Tor Project to be transparent and accountable with my desire to respect individual privacy.
Here is what I am able to say:
The investigation is now complete. Many people inside and outside the Tor Project have reported incidents of being humiliated, intimidated, bullied and frightened by Jacob, and several experienced unwanted sexually aggressive behavior from him. Some of those incidents have been shared publicly, and some have not. The investigation also identified two additional people as having engaged in inappropriate conduct, and they are no longer involved with the Tor Project.
Based on the results of this investigation, we want to be more clear about (1) how we expect people to behave, (2) where people can take complaints and problems, (3) what will happen when complaints are received.
Putting procedures in place is more difficult for the Tor Project than for other organizations, because the staff of the Tor Project works in partnership with a broader Tor community, many of whom are volunteers or employed by other organizations. It is not a traditional top-down management environment. I am pleased, therefore, to announce that both the Tor Project and the Tor community are taking active steps to strengthen our ability to handle problems of unprofessional behavior. Specifically, the Tor Project has created an anti-harassment policy, a conflicts of interest policy, procedures for submitting complaints, and an internal complaint review process. They were recently approved by Tor’s board of directors, and they will be rolled out internally this week.
In addition, the Tor community has created a community council to help to resolve intra-community difficulties, and it is developing membership guidelines, a code of conduct, and a social contract that affirms our shared values and the behaviors we want to model. We expect these to be finalized and approved by the community at or before our next developer meeting at the end of September.
I believe these new policies and practices will make the Tor Project and the Tor community significantly healthier and stronger. I want to thank everyone who has contributed to the work we've done so far, and also to those who will contribute in the coming months.
I also want to note that the Tor Project board just elected a slate of new board members with significant governance and executive leadership experience. This was a bold and selfless decision by the outgoing board, to whom I am grateful. I am confident the new board will be a key source of support for the Tor Project going forward.
I want to thank all the people who broke the silence around Jacob's behavior. It is because of you that this issue has now been addressed. I am grateful you spoke up, and I acknowledge and appreciate your courage.
I look forward to instituting the changes described above and to continuing the Tor Project's important work.
We've been speaking to journalists who are curious about a HotPETS 2016 talk from last week on the research paper "HOnions: Towards Detection and Identification of Misbehaving Tor HSDirs", by our colleagues at Northeastern University. Here's a short explanation, written by Donncha and Roger.
Internally, Tor has a system for identifying bad relays. When we find a bad relay, we throw it out of the network.
But our techniques for finding bad relays aren't perfect, so it's good that there are other researchers also working on this problem. Acting independently, we had already detected and removed many of the suspicious relays that these researchers have found.
The researchers have sent us a list of the other relays that they found, and we're currently working on confirming that they are bad. (This is tougher than it sounds, since the technique used by the other research group only detects that relays *might* be bad, so we don't know which ones to blame for sure.)
It's especially great to have this other research group working on this topic, since their technique for detecting bad relays is different from our technique, and that means better coverage.
As far as we can tell, the misbehaving relays' goal in this case is just to discover onion addresses that they wouldn't be able to learn other ways—they aren't able to identify the IP addresses of hosts or visitors to Tor hidden services.
The authors here are not trying to discover new onion addresses. They are trying to detect other people who are learning about onion addresses by running bad HSDirs/relays.
This activity only allows attackers to discover new onion addresses. It does not impact the anonymity of hidden services or hidden service clients.
We have known about and been defending against this situation for quite some time. The issue will be resolved more thoroughly with the next-generation hidden services design. Check out our blog post, Mission: Montreal!
"The Internet of Things" is the remote control and networking of everyday devices ranging from a family's lawn sprinkler or babycam to a corporation's entire HVAC system.
Tor Project contributor Nathan Freitas, Executive Director of The Guardian Project, has developed a new way to use Tor's anonymous onion services to protect the "Internet of Things." The new system, while experimental, is also scalable.
The system uses Home Assistant, a free, open-source platform built on Python that can run on Raspberry Pi and other devices. It can easily be set up to control and network people's "Internet of Things": home security systems, toasters, thermostats, smart lightbulbs, weather sensors and other household appliances. The new "Tor Onion Service Configuration" setup is available on their website.
"The Tor Project wants Tor privacy technology to be integrated into everyday life so that people don't have to log on to it—their privacy and security are built in. Nathan's work with Home Assistant is an early but important milestone," said Shari Steele, Tor's Executive Director.
The great danger with the "Internet of Things" (or IoT) is the opportunity for surveillance--for an individual hacker or a state actor to accumulate, store, and exploit very private information against individuals or companies.
These attacks are far from hypothetical: We've read about the ability for an attacker to see and speak to a baby through a babycam or hack and control a car. Attackers stole 40 million credit card numbers after they hacked into a national retailer's HVAC system and used it to reach their computer system and their customers.
Tor has developed a way to build a buffer of privacy between the baby and the Internet--so that the baby (or the HVAC system) is never exposed to the open Internet at all. Instead of a hackable, single point of failure, attackers must contend with the global network of thousands of Tor nodes.
"Too many 'Things' in our homes, at our hospitals, in our businesses and throughout our lives are exposed to the public Internet without the ability to protect their communication. Tor provides this, for free, with real-world hardened, open-source software and strong, state-of-the-art cryptography," said Nathan Freitas, Executive Director of the Guardian Project.
“Networked sensors and the Internet of Things are projected to grow substantially, and this has the potential to drastically change surveillance. The still images, video, and audio captured by these devices may enable real-time intercept and recording with after-the-fact access. Thus an inability to monitor an encrypted channel could be mitigated by the ability to monitor from afar a person through a different channel.”
--"DON'T PANIC," Berkman Klein Center's report on encryption
• Guardian Project video explaining the Tor/Home Assistant system: https://www.youtube.com/watch?v=j2yT-0rmgDA
• Guardian Project's easy-to-understand slides:
• Home Assistant page on setting up Tor:
Today, the board of directors of the Tor Project is announcing a bold decision in keeping with its commitment to the best possible health of the organization.
Says Tor's Executive Director Shari Steele, "I think this was an incredibly brave and selfless thing for the board to do. They’re making a clear statement that they want the organization to become its best self."
A Statement from the Board of Directors of The Tor Project
As Tor's board of directors, we consider it our duty to ensure that the Tor Project has the best possible leadership. The importance of Tor's mission requires it; the public standing of the organization makes it possible; and we are committed to achieve it.
We had that duty in mind when we conducted an Executive Director search last year, and appreciate the leadership Shari Steele has brought. To support her, we further believe that it is time that we pass the baton of board oversight as the Tor Project moves into its second decade of operations.
Accordingly, we are pleased to announce an excellent slate of new directors who have agreed to serve on Tor's board. The old directors have, as of July 12, 2016, elected these directors as the new Tor board:
Roger Dingledine and Nick Mathewson will continue in their roles as co-founders of the Tor Project, leading Tor's technical research and development. We will all continue to support Tor's mission, community, management, and organization; and we are happy to offer Shari, the new board, and the entire team our help and knowledge. We thank the Tor community for their patience and help in this transition.
Meredith Hoban Dunn
Rabbi Rob Thomas
Biographies of Incoming Board Members
(Photos available upon request)
Matt Blaze is a professor in the computer and information science department at the University of Pennsylvania, where he directs the Distributed Systems Laboratory. He has been doing research on surveillance technology for over 20 years, as well as cryptography, secure systems, and public policy.
Cindy Cohn is the Executive Director of the Electronic Frontier Foundation (EFF). From 2000 to 2015 she served as EFF’s Legal Director as well as its General Counsel. Ms. Cohn first became involved with EFF in 1993, when EFF asked her to serve as the outside lead attorney in Bernstein v. Dept. of Justice, the successful First Amendment challenge to the U.S. export restrictions on cryptography. Since then, Ms. Cohn has worked to ensure that people around the world have the right to access information and communicate privately and anonymously, including mounting lawsuits against NSA spying, providing legal counsel to computer programmers building and developing privacy and anonymity tools, and helping to develop the Necessary and Proportionate Principles applying international human rights standards to digital communications surveillance.
The National Law Journal named Ms. Cohn one of 100 most influential lawyers in America in 2013, noting: "[I]f Big Brother is watching, he better look out for Cindy Cohn." She was also named one of the 100 most influential lawyers in 2006 for "rushing to the barricades wherever freedom and civil liberties are at stake online." In 2007 the National Law Journal named her one of the 50 most influential women lawyers in America. In 2010 the Intellectual Property Section of the State Bar of California awarded her its Intellectual Property Vanguard Award and in 2012 the Northern California Chapter of the Society of Professional Journalists awarded her the James Madison Freedom of Information Award.
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 14 books -- including the New York Times best-seller Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard University, a Lecturer in Public Policy at the Harvard Kennedy School, a board member of the Electronic Frontier Foundation and the Tor Project, and an advisory board member of EPIC and VerifiedVoting.org. He is also a special advisor to IBM Security and the Chief Technology Officer of Resilient.
Gabriella (Biella) Coleman holds the Wolfe Chair in Scientific and Technological Literacy at McGill University. Trained as an anthropologist, her scholarship explores the intersection of the cultures of hacking and politics, with a focus on the sociopolitical implications of the free software movement and the digital protest ensemble Anonymous. She has authored two books, Coding Freedom: The Ethics and Aesthetics of Hacking (Princeton University Press, 2012) and Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous (Verso, 2014), which was named to Kirkus Reviews’ Best Books of 2014 and was awarded the Diana Forsythe Prize by the American Anthropological Association. Her work has been featured in numerous scholarly journals and edited volumes. Committed to public ethnography, she routinely presents her work to diverse audiences, teaches undergraduate and graduate courses, and has written for popular media outlets, including the New York Times, Slate, Wired, MIT Technology Review, Huffington Post, and the Atlantic.
Linus Nordberg is a longtime internet and privacy activist who has been involved with Tor since 2009. He's a software developer who specializes in network security and operating internet services. Since his start at Tor he's developed code, run services, and advocated for the Tor Project. He's one of the founders of the Swedish digital rights organization DFRI (Digitala Fri- och Rättigheter) and through that involved in the European umbrella public policy organization EDRi (European Digital Rights).
Megan Price, Executive Director of the Human Rights Data Analysis Group, designs strategies and methods for statistical analysis of human rights data for projects in a variety of locations including Guatemala, Colombia, and Syria. Her work in Guatemala includes serving as the lead statistician on a project in which she analyzes documents from the National Police Archive; she has also contributed analyses submitted as evidence in two court cases in Guatemala. Her work in Syria includes serving as the lead statistician and author on three reports, commissioned by the Office of the United Nations High Commissioner of Human Rights (OHCHR), on documented deaths in that country.
Megan is a member of the Technical Advisory Board for the Office of the Prosecutor at the International Criminal Court, a Research Fellow at the Carnegie Mellon University Center for Human Rights Science, and she is the Human Rights Editor for the Statistical Journal of the International Association for Official Statistics (IAOS). She earned her doctorate in biostatistics and a Certificate in Human Rights from the Rollins School of Public Health at Emory University. She also holds a master of science degree and bachelor of science degree in Statistics from Case Western Reserve University.
The Tor Project develops and distributes free software and has built an open and free network that helps people defend against online surveillance that threatens personal freedom and privacy. Tor is used by human rights defenders, diplomats, government officials, and millions of ordinary people who value freedom from surveillance.
The Tor Project's Mission Statement: "To advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding."
For media inquiries, contact press at tor project dot org.
Tor 0.2.8.5-rc has been released! You can download the source from the Tor website. Packages should be available over the next week or so.
Tor 0.2.8.5-rc is the second release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions.
PLEASE NOTE: This is a release candidate. We think that we solved all of the showstopper bugs, but we also thought the same thing about 0.2.8.4-rc: crucial bugs may remain. Please only run this release if you're willing to test and find bugs. If no showstopper bugs are found, we'll be putting out 0.2.8.6 as a stable release.
Changes in version 0.2.8.5-rc - 2016-07-07
- Directory authority changes:
- Urras is no longer a directory authority. Closes ticket 19271.
- Major bugfixes (heartbeat):
- Fix a regression that would crash Tor when the periodic "heartbeat" log messages were disabled. Fixes bug 19454; bugfix on tor-0.2.8.1-alpha. Reported by "kubaku".
- Minor features (build):
- Minor bugfixes (fallback directory selection):
- Avoid errors during fallback selection if there are no eligible fallbacks. Fixes bug 19480; bugfix on 0.2.8.3-alpha. Patch by teor.
- Minor bugfixes (IPv6, microdescriptors):
- Don't check node addresses when we only have a routerstatus. This allows IPv6-only clients to bootstrap by fetching microdescriptors from fallback directory mirrors. (The microdescriptor consensus has no IPv6 addresses in it.) Fixes bug 19608; bugfix on 0.2.8.2-alpha.
- Minor bugfixes (logging):
- Reduce pointlessly verbose log messages when directory servers can't be found. Fixes bug 18849; bugfix on 0.2.8.3-alpha and 0.2.8.1-alpha. Patch by teor.
- When a fallback directory changes its fingerprint from the hard-coded fingerprint, log a less severe, more explanatory log message. Fixes bug 18812; bugfix on 0.2.8.1-alpha. Patch by teor.
- Minor bugfixes (Linux seccomp2 sandboxing):
- Allow statistics to be written to disk when "Sandbox 1" is enabled. Fixes bugs 19556 and 19957; bugfix on 0.2.5.1-alpha and 0.2.6.1-alpha respectively.
- Minor bugfixes (user interface):
- Remove the warning message "Service [scrubbed] not found after descriptor upload". This message appears when one uses the HSPOST control command to upload a service descriptor. Since there is only a descriptor and no service, showing this message is pointless and confusing. Fixes bug 19464; bugfix on 0.2.7.2-alpha.
- Fallback directory list:
- Add a comment to the generated fallback directory list that explains how to comment out unsuitable fallbacks in a way that's compatible with the stem fallback parser.
- Update fallback whitelist and blacklist based on relay operator emails. Blacklist unsuitable (non-working, over-volatile) fallbacks. Resolves ticket 19071. Patch by teor.
- Update hard-coded fallback list to remove unsuitable fallbacks. Resolves ticket 19071. Patch by teor.